Grid Community Toolkit  6.2.1705709074 (tag: v6.2.20240202)
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
ssh-sk.h
1 /* $OpenBSD: ssh-sk.h,v 1.11 2021/10/28 02:54:18 djm Exp $ */
2 /*
3  * Copyright (c) 2019 Google LLC
4  *
5  * Permission to use, copy, modify, and distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16  */
17 
18 #ifndef _SSH_SK_H
19 #define _SSH_SK_H 1
20 
21 struct sshbuf;
22 struct sshkey;
23 struct sk_option;
24 
25 /* Version of protocol expected from ssh-sk-helper */
26 #define SSH_SK_HELPER_VERSION 5
27 
28 /* ssh-sk-helper messages */
29 #define SSH_SK_HELPER_ERROR 0 /* Only valid H->C */
30 #define SSH_SK_HELPER_SIGN 1
31 #define SSH_SK_HELPER_ENROLL 2
32 #define SSH_SK_HELPER_LOAD_RESIDENT 3
33 
34 struct sshsk_resident_key {
35  struct sshkey *key;
36  uint8_t *user_id;
37  size_t user_id_len;
38 };
39 
40 /*
41  * Enroll (generate) a new security-key hosted private key of given type
42  * via the specified provider middleware.
43  * If challenge_buf is NULL then a random 256 bit challenge will be used.
44  *
45  * Returns 0 on success or a ssherr.h error code on failure.
46  *
47  * If successful and the attest_data buffer is not NULL then attestation
48  * information is placed there.
49  */
50 int sshsk_enroll(int type, const char *provider_path, const char *device,
51  const char *application, const char *userid, uint8_t flags,
52  const char *pin, struct sshbuf *challenge_buf,
53  struct sshkey **keyp, struct sshbuf *attest);
54 
55 /*
56  * Calculate an ECDSA_SK or ED25519_SK signature using the specified key
57  * and provider middleware.
58  *
59  * Returns 0 on success or a ssherr.h error code on failure.
60  */
61 int sshsk_sign(const char *provider_path, struct sshkey *key,
62  u_char **sigp, size_t *lenp, const u_char *data, size_t datalen,
63  u_int compat, const char *pin);
64 
65 /*
66  * Enumerates and loads all SSH-compatible resident keys from a security
67  * key.
68  *
69  * Returns 0 on success or a ssherr.h error code on failure.
70  */
71 int sshsk_load_resident(const char *provider_path, const char *device,
72  const char *pin, u_int flags, struct sshsk_resident_key ***srksp,
73  size_t *nsrksp);
74 
75 /* Free an array of sshsk_resident_key (as returned from sshsk_load_resident) */
76 void sshsk_free_resident_keys(struct sshsk_resident_key **srks, size_t nsrks);
77 
78 #endif /* _SSH_SK_H */
79